Privacy

Hands Off Americans' Private Information, Tech Industry Tells President

Major companies oppose government end-runs around encryption

|

Samsung

Last September, Scott Shackford asked, "What does it say about the state of Americans' relationship with their own government that its largest tech company can use the ability to conceal private information from authorities as a selling point?" He referred to plans voiced by both Apple and Google to encrypt smartphones by default so that only the owners would have access to stored data. Previously, Google offered encryption as an option, and Apple retained some access to devices it sold. With growing concern over government snooping post-Snowden, improved privacy has become very desirable feature for many people. Needless to say, the federal government has not been happy about the tech giants' stance.

"What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law," FBI Director James Comey whined in response to Apple's and and Google's announced plans.

Months later, during a Senate hearing, Secretary of Homeland Security Jeh Johnson complained that "the marketplace is demanding deeper and deeper encryption into places where the warrant authority of the government does not extend." He added that "with encryption there are communications…records of which are simply not being maintained because of the added security that is being put in place because of the privacy demands that exist in the marketplace.

For their part, tech companies continue their push for strong encryption, most recently with a letter to the president warning about the danger to America's economy and people's liberties "[s]hould the U.S. government require companies to weaken encryption technology."

The commercial fallout of surveillance fears to American companies, a study finds, could be as high as $35 billion.

Sen. Rand Paul (R-Ky.) and Rep. Ted Lieu (D-Calif.) are among the handful of legislators who also slapped back at intrusive officials, pointing out that the government helped create demand for privacy products with its own actions. And there is demand for privacy. One in three American make some effort to hide their data from prying eyes—the government in particular. A new Gallup poll finds that Americans continue to prioritize civil liberties over "anti-terrorism" efforts by more than a two-to-one margin.

The public just doesn't share government officials' preference for security over freedom. By and large, people are not ready to compromise due process, privacy, or freedom of speech in the name of some search for imaginary threats by overbearing law enforcement officers, intrusive intelligence snoops, or power-hungry U.S. Attorneys.

In keeping with their customers' priorities, tech companies have also pushed back against the government. A letter sent yesterday to President Obama by the Information Technology Industry Council and the Software & Information Industry Association cautions, in part:

We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool. As you know, encryption helps to secure many aspects of our daily lives. Encryption is an essential asset of the global digital infrastructure, enabling security and confidentiality for transactions as well as assurances to individuals that their communications are private and information is protected. For example, the rapid growth in online commerce would not have happened but for consumers' trust that their payment information is secure. Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace.

Accordingly, we urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption "work-arounds." We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat crime and threats. However, mandating the weakening of encryption or encryption "work-arounds" is not the way to address this need. Doing so would compromise the security of ICT products and services, rendering them more vulnerable to attacks and would erode consumers' trust in the products and services they rely on for protecting their information.

In addition to these security and trust concerns, the U.S. policy position on encryption will send a signal to the rest of the world. Should the U.S. government require companies to weaken encryption technology, such requirements will legitimize similar efforts by foreign governments. This would threaten the global marketplace as well as deprive individuals of certain liberties.

The two organizations, notably, represent Apple and Google, which have already provoked the feds, as well as Microsoft, Facebook, Twitter and other major companies that serve huge markets and have the potential to protect the public's privacy—or damage it under the weight of government commands and threats.

Read the whole letter here.

Advertisement

NEXT: Hubbert's Peak Refuted: Peak Oil Theory Still Wrong

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law,” FBI Director James Comey whined in response to Apple’s and and Google’s announced plans.

    Fantastic.

    Even if Google and Apple had better encryption wouldn’t the assumption be that the NSA or whomever else could still gain access?

    1. Possibly, though more likely by exploiting an implementation issue or hacking into a powered-on phone via the network than “cracking” the encryption.

      Also, you should “access” me via email.

      1. Accessed.

  2. “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law,” said a man whose career is predicated on holding himself beyond the law.

    1. Comey took down one of the greatest threats this country has ever known: Martha Stewart.

  3. Like it matters, the Obama admin won’t even comply with court orders, let alone caring what tech companies think.

  4. DUDE. WHAT THE FUCK, GUYS?!

    Don’t answer that, I’ve read Popehat.

    1. Well, you’re a little late to the party.

      You should email me, too.

      1. Or you could email me, instead 😉

        1. Email everybody!

          Also, Steam isn’t email. Speaking of which, you might email me, too.

              1. It’s not you; it’s me.

                1. “It’s not you; it’s me.”? I invented “It’s not you; it’s me.”!

                  1. Alright! Fine! It’s you!

        2. I’d love to, but I don’t have your email addys.

          thick socks denver at gmail dot com. Drop me a note. We should totally party.

          We’re almost to the Grand Canyon, and I’ve got portable internet but let me tell you about Reason’s mobile. Fuck Reason’s mobile. I couldn’t get it to accept my log in so I could properly have the feelz. I’ve been reading everything, so I think I’m up to speed, though.

          1. My email address is in my handle. 🙂

            Emailing you is easier, though, and I will contact you in a minute.

          2. Omg–it’s so true. Their mobile site is awful. I always switch over to desktop view; it’s an option at the top of the page on the right, fyi.

            1. Dick pics incoming.

              I said, “email sent”.

              1. She’s going to have a whole bag of dicks by lunchtime.

                1. I shall be merciful. I’m a nice person like that.

                  1. Hey, I’m doing you a favor.

    2. Oh, I see now…. Are any of those posters regulars on H&R? I don’t think I recognize any of them.

      Anyway, this sounds extremely weak.

      1. Two were for sure.

      2. I demothballed my blog for discussion (anyone who cares). I have some points on the users in question and thoughts on the whole thing.

        http://thewidenet.blogspot.com…..e-for.html

        1. Ok, I see. Thanks, Paul.

    3. The upside of the whole debacle is, federal prosecutors are sure to come across SugarFree’s blog any day now (if they haven’t already), and their unprepared minds will disintegrate like an ice cube dropped into the sun.

      1. Sounds like a true threat to me

  5. “If you like your private information, you can keep your private information.”

  6. Security is security. If you want your stuff to be secure against the black hats, its going to be secure against the government, too.

    And backdoors are backdoors. A backdoor the government can use is a backdoor the black hats can use.

    For the fedgov, which just barfed up millions of employee files to hackers, to lecture the rest of us about how we don’t need good security, is beyond laughable.

    1. ^This. If the government gets its very own backdoor to everything, we might as well send our credit card info and pins directly to the Chinese government. It would save time.

  7. It just boggles my mind that certain members of the government can’t wrap their minds around the fact that people want privacy from their government (and everyone else) on principle. How difficult is that to understand? Pretty fucking difficult, I guess.

    1. If you aren’t doing anything wrong, why do you need privacy?

      /every authoritarian ever

      1. Yeah…we’ve seen, up close, their definition of “wrong”.

        1. Where do I apply to be the Bad Thoughts Inspector?

    2. But if the people have privacy from the government, who will protect us? How will they even know when we need protected without reading our email?

      Sounds like you want anarchy, mister. Just go live in Somalia!

      1. Mx. Hyp. Mx.

    3. Because they only know one principle: Might makes right.

      And they’ve got might on their side.

      1. “And they’ve got might on their side.”

        Don’t underestimate laziness and ignorance – on your side.

        1. Quick reminder for everybody that mtrueman is a 9/11 Truther. Lest you ever consider taking anything he says – particularly an attack on your intelligence or education – seriously.

          1. “Quick reminder for everybody that mtrueman is a 9/11 Truther”

            For a laugh, you may want to ask PM how a building in cascading collapse (think dominoes) can do so at free fall speed. He won’t have an answer of course, but he’s certain to take offence at your daring to question the government’s ridiculous narrative.

  8. % Take all steps necessary to prevent terrorism even if civil liberties violated
    % Take steps necessary to prevent terrorism but not violate civil liberties

    Oh Gallup, where are my ‘% Take no steps to prevent terrorism and don’t violate civil liberties’ and the ‘% Fuck you, cut spending’ options?

    Seems like the margin is better than 2-1 *with plenty of downward pressure*.

  9. But not hands off our IP, credit or banking information, or any other identifying information or associated devices connected to the user?

    1. No, and they also want all woodchippers to come equipped with an electronic lock that only allows us to use them after the operator files a required Form 1383-J (License to Dispose, Organic Judicial Material).

  10. And so the Cyberwar begins…

    “It is a period of Cyberwar.
    Rebel programmers, striking
    from a hidden basement, have won
    their first victory against
    the evil NSA.

    During the battle, rebel
    cryptologists managed to block data access
    of the Executive Branch’s
    ultimate weapon, Prism,
    a data intercepter with enough power to
    monitor an entire planet.

    Pursued by the Government’s
    sinister agents, Princess
    HOPE types rapidly on her keyboard,
    custodian of the
    encryption technology that can save
    her people and restore
    freedom to the galaxy….”

    1. May the odds be ever in our favor.

      1. Just in case, I’m investing in a bunch of these….

        http://www.birdsnow.com/homingpigeon.htm

        1. Pigeons could make you the next Paul Reuters.

          1. Jumpin’ Josephat!

        2. Implementing RFC 2549? Excellent idea!

      2. May the Chipper be with you.

  11. “What concerns me about this is companies marketing something expressly to allow people to hold themselves beyond the law,” FBI Director James Comey whined in response to Apple’s and and Google’s announced plans.

    WELL, perhaps if you shitbags hadn’t completely undermined the 4th Amendment…

    1. You know who else is undermining the 4th amendment?

  12. Just as you, your labor, and all proceeds thereof belong to the government, so too does all information.

  13. Forgive me for my cynicism, but considering the cozy relationship enjoyed by Big Tech and the government, and in light of the fact that every major internet company was surreptitiously participating enthusiastically in these surveillance programs up until Snowden blew the lid on the whole thing, I don’t trust them one iota more than the government, and strongly suspect the “tension” between them is stage fighting.

    1. It’s hard to know for sure. The government isn’t playing by the rules much anymore, so those companies may not have been so gleeful in their cooperation. What changed for them and allowed them to behave differently was the public knowledge that they were involved. I’m sure the government issued the standard threats about keeping quiet about national security matters.

      1. And even if the tech companies were participating willingly in government surveillance, the market incentives changed once enough of their customers got pissed off about it. Private companies, unlike government entities, actually have to be responsive to pressure from those who use their services.

        1. Private companies, unlike government entities, actually have to be responsive to pressure from those who use their services.

          Or at least have the appearance of being responsive, which I suspect is more the case here. The tech companies could have refused to acquiesce to the government’s demands from the get go – they understood full well that their users would have been livid had they know the extent of their cooperation, which is why they kept it hidden. But go along to get along keeps that AdSense tap open. If Google, for instance, had told the government to shove it up their ass and go explain to half of the planet’s population why there was no more Gmail and YouTube, the government’s position would have been a lot more untenable than Google’s. They didn’t have the balls to do the right thing for their customers, so they lied to them instead. Fool me once, shame on you.

          1. One small tech company shut down rather than agree to ridiculous demands from the government (Lavabit). Another shutdown some of their services preemptively as well (Silent Circle). The only people who cared were the ones who already did. Nothing came of it.

            I too wish the bigger players had done that (and it may have worked), but it’s not just money at stake, but jail time too, and not everyone wants to take that risk. I’m not going to give them shit for it.

            1. I’m not so sure the government gives a shit anymore about pissing off consumers, as they’ll just cloak it all in national security this and national security that. Never ever holding politicians accountable or limiting their power has a very heavy price.

      2. “It’s hard to know for sure. ”

        So why entrust your secrets to an outfit that you know is susceptible to government threats?

  14. “and other major companies that serve huge markets and have the potential to protect the public’s privacy”

    Major companies are there to make a profit. Looking to them to protect public privacy is not a good idea. Anyone ever heard of Tox, the encrypted, decentralized voip client, alternative to Microsoft’s Skype? The people who developed Tox are not a Major company, they are not a company at all. They brazenly say in their publicity that “We are here for altruistic purposes.”

    1. Major companies are there to make a profit.

      That doesn’t preclude them from also protecting public privacy (or more accurately, customer privacy) — it may be the case that there is actually a great deal of profit to be made in doing so. However, many of the largest tech firms have demonstrated that they are not trustworthy in that regard.

      But given your posting history, I bet you’re the kind of retard who thinks linux is a shining beacon of socialism, so there’s no real point in discussing it with you.

      1. Why trust a 3rd party with your secrets, whether or not they stand to make a profit?

        “I bet you’re the kind of retard who thinks linux is a shining beacon of socialism”

        Name your terms.

    2. “public privacy”

      Ha!

  15. The biggest challenge for traditional tech companies is that making money from advertising is not compatible with privacy. It means that for the foreseeable future, widely available commercial services subject to US jurisdiction can’t/won’t give you full privacy.

    In the long run though, one or more of the following will change that game.

    Decent micropayment or other alternatives to advertising changes the incentives of service companies. They may choose to respond by collecting way less information/storing it in a way that requires the user’s co-operation to decrypt.

    Some stuff is way more sensitive than the rest. Messaging and email platforms can and will likely migrate to fully private systems in the next 5 years. That actually puts the bulk of our communications out of reach. Many smaller tech companies are already working on this stuff (TextSecure is awesome and I highly recommend it even to non-techies).

    In the more extreme scenarios, some companies will do for online services what Silk Road did for drug markets: If providing privacy is outlawed, outlaws will provide privacy. How do you subpoena a site on the darknet when people talk about woodchippers?

    So I’m hopeful overall: Even if the incumbents can’t do the job, someone will step up to the plate. We’ve only had the public internet for 25-ish years. These things take time.

    1. “outlaws will provide privacy”

      I don’t understand the urge to entrust your secrets to 3rd parties whether they be outlaws or respectable Major companies. P2P options like Tox which I mentioned earlier, cut out the middleman, don’t expect to make money off you, don’t advertise, and are available today for your downloading and installation pleasure.

      1. And where they’re a viable option I agree. Which is why I think messaging and email are going to operate on that basis within 5 years. It’s the other stuff that’s way trickier.

        I happen to run a web service. Most of my customers would hate me if the first time they lost their password I told them there was nothing I could do since the data was encrypted with their password and thus unreadable even to the NSA.

        I personally would prefer to do it that way (since we don’t use their private information and it’s just more risk for us to have to store it in a recoverable form), but it’s not my preference that matters.

        Unfortunately, as long as there’s people who don’t understand how to use crypto properly, there’s going to a tradeoff between usability and privacy. It sucks but that’s life. Maybe my grandchildren will live in a world where computer skills get taught in kindergarten and everyone has a PGP key, but I don’t.

  16. Yes, hands off that private information so we can gather it and exploit it.

Please to post comments

Comments are closed.